Product
The JetEngine plugin for WordPress is vulnerable to SQL Injection via the Custom Content Type (CCT) REST API search endpoint, allowing unauthenticated attackers to extract sensitive database information.